Login via auth0-js shows two consent screens

nick.silvestri · January 13, 2023, 9:54pm

Product requirements forced me to create my own signup UI. My SPA works as such:

A user inputs an email and password, and clicks “sign up”
The client makes a request to the backend to add a user
The backend signs up a new user via the Auth0 management API
The backend returns with a success response to the client
The client, now with the knowledge that the user’s account exists, automatically signs in the user with the credentials that were used to sign up.
Upon successful login, the user is redirected to the application homepage.

Steps 1-5 seem to work correctly. Step 6 has a small problem, as when the user is logged in and redirected to the specified redirectUri, they are shown two identical consent screens, back to back. Upon accepting the first screen, the application will reload and show a second, identical consent screen. Upon accepting that second screen, the user is redirected back to the application and it loads correctly. There are no additional scopes or different applications between the two consent screens; they are exactly the same.

I’ve used the following auth0-js code to sign the user in. This is triggered in the button’s click handler, strictly after the user’s account has been created. HOME_URL is the homepage of the application (home is a the / route, signup is on a /signup route). AUTH0_REALM is Username-Password-Authentication and I do not allow any other type of authentication.

// sign up happened above
if (signUpResponse.ok) {
  let webAuth = new auth0.WebAuth({
    domain: process.env.REACT_APP_AUTH0_DOMAIN,
    clientID: process.env.REACT_APP_AUTH0_CLIENT_ID,
    responseType: "token",
    redirectUri: process.env.REACT_APP_HOME_URL,
    });
  webAuth.login({
    realm: process.env.REACT_APP_AUTH0_REALM,
    email: email,
    password: password,
  });
}

There is no client-side routing on this page; I rely on the redirectUri specified to do the routing after I call webAuth.login(). It seems to be working, other than two consent screens.

Is there something wrong with my code or tenant configuration that is causing two consent screens?

dan.woda · January 20, 2023, 9:04pm

Hi @nick.silvestri,

Thanks for the detailed request.

Do you want to see the consent screen at all? You should be able to disable entirely if this is a first party applications.

nick.silvestri · January 20, 2023, 9:36pm

Thanks for the response @dan.woda. Disabling the consent for the first-party application was what I ended up doing to “resolve” this situation, since I do not anticipate third-party signups in this context.

dan.woda · January 20, 2023, 9:44pm

Great, glad you figured out a solution.

system · March 28, 2023, 1:21pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.